Stung by a foreign channel’s sting operation exposing alleged leak of data, Indian BPOs are devising newer methods to prevent such leaks and strengthen security of the data further. One such initiative the companies have undertaken to prevent credit-card leaks is a number-combination method, under which a customer service executive has to enter a set of three ten-digit number combinations before he or she logs off from the shift.
In order to prevent people from memorising credit-card information and using it to their advantage, companies are beginning to look at this ten-digit number combination.
The logic being that it would be difficult to memorise a sequence of credit-card numbers. BPOs already have policies in place that do not allow carrying of devices such as mobile phones, hard disks, floppy disks, laptops or any baggage inside the premises. De spite this, there have been security breaches in the past like the ones in Gurgaon and the sting operation by Channel 4.
Srinivasan V, head, Mastek BPO, said: “We are considering number-combination methods to further strengthen security.” He said the company already follows the rules laid down by its global clients such as BITS Framework that is designed for BPO service providers to abide. Charan Bhalla, VP, Wipro BPO adds: “We have quarterly audits in addition to advanced security systems like two-factor authentication and BS 7799 certification, a British security standard. “We conduct half yearly and annual security audits through external and internal auditing agencies as well as random security checks in all our centres,” said an ICICI OneSource spokesperson.
Further, wafer thin margins and higher operational expenses are factors causing smaller BPOs (less than 100 seats) to compromise on security spends. “Small firms need to look at data privacy more intently,” said Sabyasachi Satpathy of NeoIT.